HELP ME!



#1
darkstar225

  • Member
  • 119 posts
OK, I just bought this laptop used about a month ago and it feels a little slow, so I ran HJT... if anyone wants to look at it and tell me if I'm clean or not I would be VERY thankful!!

Logfile of HijackThis v1.99.1
Scan saved at 3:47:42 PM, on 11/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\4cf7uwh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - HKCU\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishga...mjolauncher.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
  • 0



#2
darkstar225

  • Topic Starter
  • Member
  • 119 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:17:30 PM, on 11/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\4cf7uwh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - HKCU\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishga...mjolauncher.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
  • 0

#3
njustice

  • Member
  • 521 posts
Helping in chat...asked user to post a new log.
  • 0

#4
njustice

  • Member
  • 521 posts
Advised user to get AVG...update...then run it.

Run these two free online scans, allowing them to fix or delete anything they locate. Please note any item they could not remove and its location, and post this information in your next thread.

Please go to the TrendMicro website HERE
  • Click Check my PC now
  • On the next page it will verify that Trendmicro scan can be run.
  • There should be 4 green checkmarks, if any of them stay a red X please let me know which one(s)
  • Read the agreement, then click continue with Next Step
  • Wait for the scanner to load, if you get a security warning about the Trend-Micro applet, click YES
  • It will install "Core-Packages", then please run a full system scan - let me know how many infected items it found and if any of them couldn't be cleaned/deleted and the name/location


Next....go to the following:

http://www.windowsec...com/trojanscan/
  • 0

#5
darkstar225

  • Topic Starter
  • Member
  • 119 posts
OK, I did them all. Sorry, but my internet went down when we were chatting. But I finished the scans and here is the new HJT log


Logfile of HijackThis v1.99.1
Scan saved at 11:45:08 PM, on 11/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\4cf7uwh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - HKCU\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishga...mjolauncher.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  • 0

#6
njustice

  • Member
  • 521 posts
Hello,
  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\4cf7uwh.dll
    O4 - HKLM\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
    O4 - HKCU\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Close all browsers and windows, Click on Fix Checked when finished and exit HijackThis.
  • Reboot into Safe Mode: please Read Here if you are not sure how to do this.

    Using Windows Explorer, locate the following files in red, and delete them:
    C:\WINDOWS\system32\4cf7uwh.dll
    C:\WINDOWS\System32\avt5qxf.exe


    Exit Explorer, and reboot as normal afterwards.
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a new hijackthis log.

  • 0

#7
darkstar225

  • Topic Starter
  • Member
  • 119 posts
OK, I finished all of it. Here is the Spy Sweeper scan log

********
1:03 PM: | Start of Session, Thursday, November 10, 2005 |
1:03 PM: Spy Sweeper started
1:03 PM: Sweep initiated using definitions version 571
1:03 PM: Starting Memory Sweep
1:07 PM: Memory Sweep Complete, Elapsed Time: 00:03:57
1:07 PM: Starting Registry Sweep
1:08 PM: Registry Sweep Complete, Elapsed Time:00:00:24
1:08 PM: Starting Cookie Sweep
1:08 PM: Found Spy Cookie: yieldmanager cookie
1:08 PM: user@ad.yieldmanager[1].txt (ID = 3751)
1:08 PM: Found Spy Cookie: adecn cookie
1:08 PM: user@adecn[2].txt (ID = 2063)
1:08 PM: Found Spy Cookie: hbmediapro cookie
1:08 PM: user@adopt.hbmediapro[2].txt (ID = 2768)
1:08 PM: Found Spy Cookie: adrevolver cookie
1:08 PM: user@adrevolver[2].txt (ID = 2088)
1:08 PM: user@adrevolver[3].txt (ID = 2088)
1:08 PM: Found Spy Cookie: ads.adsag cookie
1:08 PM: user@ads.adsag[1].txt (ID = 2108)
1:08 PM: Found Spy Cookie: adserver cookie
1:08 PM: user@adserver[1].txt (ID = 2141)
1:08 PM: Found Spy Cookie: advertising cookie
1:08 PM: user@advertising[2].txt (ID = 2175)
1:08 PM: Found Spy Cookie: falkag cookie
1:08 PM: user@as-us.falkag[1].txt (ID = 2650)
1:08 PM: Found Spy Cookie: ask cookie
1:08 PM: user@ask[2].txt (ID = 2245)
1:08 PM: Found Spy Cookie: atlas dmt cookie
1:08 PM: user@atdmt[2].txt (ID = 2253)
1:08 PM: Found Spy Cookie: belnk cookie
1:08 PM: user@ath.belnk[1].txt (ID = 2293)
1:08 PM: Found Spy Cookie: atwola cookie
1:08 PM: user@atwola[1].txt (ID = 2255)
1:08 PM: Found Spy Cookie: classmates cookie
1:08 PM: user@classmates[2].txt (ID = 2384)
1:08 PM: Found Spy Cookie: sextracker cookie
1:08 PM: user@counter13.sextracker[1].txt (ID = 3362)
1:08 PM: user@counter2.sextracker[1].txt (ID = 3362)
1:08 PM: user@counter3.sextracker[1].txt (ID = 3362)
1:08 PM: user@dist.belnk[2].txt (ID = 2293)
1:08 PM: Found Spy Cookie: trakkerd.net cookie
1:08 PM: user@hestia.sextrail.trakkerd[2].txt (ID = 3586)
1:08 PM: Found Spy Cookie: screensavers.com cookie
1:08 PM: user@i.screensavers[2].txt (ID = 3298)
1:08 PM: Found Spy Cookie: 2o7.net cookie
1:08 PM: user@indianapoliscolts.122.2o7[1].txt (ID = 1958)
1:08 PM: Found Spy Cookie: nextag cookie
1:08 PM: user@nextag[2].txt (ID = 5014)
1:08 PM: Found Spy Cookie: paypopup cookie
1:08 PM: user@paypopup[2].txt (ID = 3119)
1:08 PM: user@popunder.paypopup[1].txt (ID = 3120)
1:08 PM: Found Spy Cookie: valuead cookie
1:08 PM: user@premiumnetworkrocks.valuead[1].txt (ID = 3627)
1:08 PM: Found Spy Cookie: pricegrabber cookie
1:08 PM: user@pricegrabber[1].txt (ID = 3185)
1:08 PM: Found Spy Cookie: questionmarket cookie
1:08 PM: user@questionmarket[1].txt (ID = 3217)
1:08 PM: Found Spy Cookie: realmedia cookie
1:08 PM: user@realmedia[2].txt (ID = 3235)
1:08 PM: Found Spy Cookie: reunion cookie
1:08 PM: user@reunion[2].txt (ID = 3255)
1:08 PM: Found Spy Cookie: rn11 cookie
1:08 PM: user@rn11[2].txt (ID = 3261)
1:08 PM: Found Spy Cookie: servedby advertising cookie
1:08 PM: user@servedby.advertising[1].txt (ID = 3335)
1:08 PM: Found Spy Cookie: reliablestats cookie
1:08 PM: user@stats1.reliablestats[2].txt (ID = 3254)
1:08 PM: Found Spy Cookie: stlyrics cookie
1:08 PM: user@stlyrics[1].txt (ID = 3461)
1:08 PM: Found Spy Cookie: tradedoubler cookie
1:08 PM: user@tradedoubler[1].txt (ID = 3575)
1:08 PM: Found Spy Cookie: trafficmp cookie
1:08 PM: user@trafficmp[2].txt (ID = 3581)
1:08 PM: Found Spy Cookie: about cookie
1:08 PM: user@vgstrategies.about[1].txt (ID = 2038)
1:08 PM: user@www.ask[2].txt (ID = 2246)
1:08 PM: user@www.screensavers[1].txt (ID = 3298)
1:08 PM: Found Spy Cookie: xiti cookie
1:08 PM: user@xiti[1].txt (ID = 3717)
1:08 PM: user@yieldmanager[1].txt (ID = 3749)
1:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
1:08 PM: Starting File Sweep
1:16 PM: Warning: Invalid Stream
1:16 PM: File Sweep Complete, Elapsed Time: 00:08:34
1:16 PM: Full Sweep has completed. Elapsed time 00:13:07
1:16 PM: Traces Found: 40
1:19 PM: Removal process initiated
1:20 PM: Quarantining All Traces: 2o7.net cookie
1:20 PM: Quarantining All Traces: about cookie
1:20 PM: Quarantining All Traces: adecn cookie
1:20 PM: Quarantining All Traces: adrevolver cookie
1:20 PM: Quarantining All Traces: ads.adsag cookie
1:20 PM: Quarantining All Traces: adserver cookie
1:20 PM: Quarantining All Traces: advertising cookie
1:20 PM: Quarantining All Traces: ask cookie
1:20 PM: Quarantining All Traces: atlas dmt cookie
1:20 PM: Quarantining All Traces: atwola cookie
1:20 PM: Quarantining All Traces: belnk cookie
1:20 PM: Quarantining All Traces: classmates cookie
1:20 PM: Quarantining All Traces: falkag cookie
1:20 PM: Quarantining All Traces: hbmediapro cookie
1:20 PM: Quarantining All Traces: nextag cookie
1:20 PM: Quarantining All Traces: paypopup cookie
1:20 PM: Quarantining All Traces: pricegrabber cookie
1:20 PM: Quarantining All Traces: questionmarket cookie
1:20 PM: Quarantining All Traces: realmedia cookie
1:20 PM: Quarantining All Traces: reliablestats cookie
1:20 PM: Quarantining All Traces: reunion cookie
1:20 PM: Quarantining All Traces: rn11 cookie
1:20 PM: Quarantining All Traces: screensavers.com cookie
1:20 PM: Quarantining All Traces: servedby advertising cookie
1:20 PM: Quarantining All Traces: sextracker cookie
1:20 PM: Quarantining All Traces: stlyrics cookie
1:20 PM: Quarantining All Traces: tradedoubler cookie
1:20 PM: Quarantining All Traces: trafficmp cookie
1:20 PM: Quarantining All Traces: trakkerd.net cookie
1:20 PM: Quarantining All Traces: valuead cookie
1:20 PM: Quarantining All Traces: xiti cookie
1:20 PM: Quarantining All Traces: yieldmanager cookie
1:20 PM: Removal process completed. Elapsed time 00:00:08
********
1:01 PM: | Start of Session, Thursday, November 10, 2005 |
1:01 PM: Spy Sweeper started
1:01 PM: Your spyware definitions have been updated.
1:03 PM: | End of Session, Thursday, November 10, 2005 |



and here is the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:23:10 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\User\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishga...mjolauncher.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0
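An added example, not part of the thread and not a HijackThis feature: a small Python script that parses the entry lines of two HijackThis logs and confirms that every item on a fix list is gone from the later log, while also listing anything new that appeared. The logs are excerpts of the entries posted above (post #5, post #6's fix list, post #7); the function names are this example's own.

```python
import re

# Excerpts of the thread's logs (entry lines only, trimmed): post #5 (before),
# post #7 (after) and the fix list from post #6.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\4cf7uwh.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O4 - HKCU\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""
FIX_LIST = r"""
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\4cf7uwh.dll
    O4 - HKLM\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
    O4 - HKCU\..\RunOnce: [avt5qxf.exe] C:\WINDOWS\System32\avt5qxf.exe /k
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# Entry lines start with a section code such as R0, O2, O4 or O23, then " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return the entries of a HijackThis log as (code, detail) pairs, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse runs of whitespace so copy/paste damage does not matter.
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def _key(entry):
    # Windows paths and registry names are case-insensitive.
    return (entry[0], entry[1].lower())

def diff_logs(before, after):
    """Entries only in `before` (removed) and only in `after` (added)."""
    b, a = parse_hjt(before), parse_hjt(after)
    before_keys = {_key(e) for e in b}
    after_keys = {_key(e) for e in a}
    removed = [e for e in b if _key(e) not in after_keys]
    added = [e for e in a if _key(e) not in before_keys]
    return removed, added

def still_present(fix_list, after):
    """Fix-list entries that survived into the later log (should be empty)."""
    after_keys = {_key(e) for e in parse_hjt(after)}
    return [e for e in parse_hjt(fix_list) if _key(e) in after_keys]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, detail in removed:
        print("removed:", code, "-", detail)
    for code, detail in added:
        print("added:  ", code, "-", detail)
    print("fix-list entries still present:", still_present(FIX_LIST, AFTER))
```

Entries reported as added deserve the same scrutiny as the original log: here they are the updated Java scheduler path and the Spy Sweeper components the user had just installed.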

#8
njustice

  • Member
  • 521 posts
CONGRATULATIONS! At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future. Please do these steps as soon as possible if you haven't already.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
a. Windows Update: http://v5.windowsupd.../en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt'; set the second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacools...areblaster.html
b. SpywareGuard: http://www.wildersse...ywareguard.html
c. IE/Spyad: https://netfiles.uiu...ww/resource.htm
d. Bugoff: http://www.majorgeek...wnload4308.html

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/
b. Spybot S&D: http://security.koll...n&page=download

Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here: http://www.spywarewa...nti-spyware,htm

5. Install 'Spoofstick'
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com/spoofstick

6. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. See the links below:
a. ZoneAlarm
b. Kerio

7. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore.
a. Turn off system restore by right clicking on "My Computer" and go to "Properties"->"System Restore" and check the box for "Turn off System Restore". Click "Apply" and then "OK". Restart your computer. Reverse these steps and turn "System Restore" back on and create a new restore point.

8. Use GoogleToolbar - It's free, blocks popups and takes seconds to install. Use the toolbar without the advanced features enabled (check this during install); that way the toolbar is completely inert--it doesn't send any information to Google whatsoever as you surf.
a. GoogleToolbar

9. RegScrubXP 3.25 - Safely cleans junk out of the Windows 2000/XP system registry. All changes made to the registry are fully restorable to its original condition.
a. RegScrubXP 3.25

10. Online Virus Scans - Run these on a regular basis (I usually do about once a month or when I suspect a problem):
a. http://www.pandasoft...n_principal.htm
b. http://www.windowsec...com/trojanscan/
c. http://housecall.trendmicro.com/
d. http://www.bitdefend...can/licence.php

11. Alternative Browsers - Using an alternative browser other than IE will IMMENSELY reduce the risk of infection:
a. Firefox <== my #1 choice
b. Avant
c. Opera


Good luck, and thanks for coming to our forums for help with your security and malware issues.
  • 0





